Skip to main content
CVE-2023-3316 MEDIUM POC PATCH This Month

A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-35862 MEDIUM POC PATCH This Month

libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcoap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-35840 MEDIUM POC PATCH This Month

_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Elfinder
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-2779 MEDIUM POC This Month

The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Share Social Login And Social Comments
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
6.0%
CVE-2023-2654 MEDIUM POC This Month

The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Conditional Menus
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2399 MEDIUM POC This Month

The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Qubot
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3318 MEDIUM POC This Month

A vulnerability was found in SourceCodester Resort Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Resort Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2899 MEDIUM POC This Month

The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Google Map Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0489 MEDIUM POC This Month

The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sideonline
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0368 MEDIUM POC This Month

The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Tabs For Wpbakery Page Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2751 MEDIUM POC This Month

The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Upload Resume
NVD WPScan
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-2812 MEDIUM POC This Month

The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Dashboard
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2811 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2742 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2684 MEDIUM POC This Month

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS File Renaming On Upload
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2600 MEDIUM POC This Month

The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Custom Base Terms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2527 MEDIUM POC This Month

The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress XSS Zoho Integration For Contact Form 7 And Zoho Crm Bigin
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2401 MEDIUM POC This Month

The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Qubot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34657 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29546 MEDIUM This Month

When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Focus
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-29545 MEDIUM This Month

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32210 MEDIUM This Month

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35005 MEDIUM PATCH This Month

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-32659 MEDIUM This Month

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Powersystem Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35775 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Backup Solutions
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35772 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Google Map Shortcode
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34415 MEDIUM This Month

When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Open Redirect Firefox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3022 MEDIUM PATCH This Month

A flaw was found in the IPv6 module of the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29532 MEDIUM This Month

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35866 MEDIUM This Month

In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Keepassxc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-34461 MEDIUM PATCH This Month

PyBB is an open source bulletin board. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pybb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-35776 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sermons Online
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34167 MEDIUM This Month

Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-34160 MEDIUM This Month

Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-34158 MEDIUM This Month

Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-34156 MEDIUM This Month

Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Emui
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32208 MEDIUM This Month

Service workers could reveal script base URL due to dynamic `import()`. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-35779 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Seed Fonts
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-33213 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpview
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3315 MEDIUM PATCH This Month

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Team Concert
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy